ScreenShot
| Created | 2021.09.17 10:00 | Machine | s1_win7_x6402 |
| Filename | ftp.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 41 detected (AIDetect, malware2, malicious, high confidence, score, Save, confidence, 100%, Zenpak, Hacktool, Kryptik, Eldorado, Attribute, HighConfidence, HMMQ, GenericKD, DropperX, StellarStealer, pmmnb, Racealer, KYBEA4, RacoonStealer, CoinMiner, Glupteba, R441535, ai score=85, Unsafe, CLASSIC, Static AI, Malicious PE, HMMI, ZexaF, Cq0@aG1HtBlO, Genetic, susgen) | ||
| md5 | 6e50112832160134bc11782d9fe9cadc | ||
| sha256 | 93ba1d3d5ea0f821f84ee02b34b65c3768098b5dfc84022a92f79db5a18f2411 | ||
| ssdeep | 12288:hg/L8dvi3OBEd2+V7fS9LkCMVqreUxCQs:W8dvnZ+VsIwEr | ||
| imphash | 8a8349050dccf77dfddbf10f15c614d4 | ||
| impfuzzy | 24:QigrjmQr3aghDYeOdihbET9kOCtG1tDYRvDsJ3ISxVOTflmjMW3MhMNpb:JQr3afeOdTZQG1twDUj0Tr6f | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x461000 GetLocaleInfoA
0x461004 LoadResource
0x461008 InterlockedIncrement
0x46100c ReadConsoleA
0x461010 GetSystemWindowsDirectoryW
0x461014 GetEnvironmentStringsW
0x461018 WaitForSingleObject
0x46101c FindActCtxSectionStringA
0x461020 GetUserDefaultLangID
0x461024 QueryActCtxW
0x461028 LeaveCriticalSection
0x46102c VerifyVersionInfoA
0x461030 WriteConsoleW
0x461034 ReleaseSemaphore
0x461038 GetProcAddress
0x46103c EnterCriticalSection
0x461040 DisableThreadLibraryCalls
0x461044 ResetEvent
0x461048 OpenMutexA
0x46104c LocalAlloc
0x461050 SetConsoleOutputCP
0x461054 GlobalGetAtomNameW
0x461058 WaitForMultipleObjects
0x46105c SetSystemTime
0x461060 GetModuleFileNameA
0x461064 GetModuleHandleA
0x461068 EraseTape
0x46106c FindFirstVolumeA
0x461070 GetCurrentProcessId
0x461074 AddConsoleAliasA
0x461078 GetModuleFileNameW
0x46107c GetCommandLineW
0x461080 GetLastError
0x461084 HeapReAlloc
0x461088 HeapAlloc
0x46108c GetStartupInfoW
0x461090 RaiseException
0x461094 RtlUnwind
0x461098 TerminateProcess
0x46109c GetCurrentProcess
0x4610a0 UnhandledExceptionFilter
0x4610a4 SetUnhandledExceptionFilter
0x4610a8 IsDebuggerPresent
0x4610ac HeapFree
0x4610b0 SetHandleCount
0x4610b4 GetStdHandle
0x4610b8 GetFileType
0x4610bc GetStartupInfoA
0x4610c0 DeleteCriticalSection
0x4610c4 SetFilePointer
0x4610c8 GetModuleHandleW
0x4610cc TlsGetValue
0x4610d0 TlsAlloc
0x4610d4 TlsSetValue
0x4610d8 TlsFree
0x4610dc SetLastError
0x4610e0 GetCurrentThreadId
0x4610e4 InterlockedDecrement
0x4610e8 HeapCreate
0x4610ec VirtualFree
0x4610f0 VirtualAlloc
0x4610f4 CloseHandle
0x4610f8 Sleep
0x4610fc ExitProcess
0x461100 WriteFile
0x461104 FreeEnvironmentStringsW
0x461108 QueryPerformanceCounter
0x46110c GetTickCount
0x461110 GetSystemTimeAsFileTime
0x461114 CreateFileA
0x461118 InitializeCriticalSectionAndSpinCount
0x46111c SetStdHandle
0x461120 GetCPInfo
0x461124 GetACP
0x461128 GetOEMCP
0x46112c IsValidCodePage
0x461130 WideCharToMultiByte
0x461134 GetConsoleCP
0x461138 GetConsoleMode
0x46113c FlushFileBuffers
0x461140 HeapSize
0x461144 LoadLibraryA
0x461148 SetEndOfFile
0x46114c GetProcessHeap
0x461150 MultiByteToWideChar
0x461154 ReadFile
0x461158 GetStringTypeA
0x46115c GetStringTypeW
0x461160 LCMapStringA
0x461164 LCMapStringW
0x461168 WriteConsoleA
0x46116c GetConsoleOutputCP
USER32.dll
0x461174 RealChildWindowFromPoint
EAT(Export Address Table) is none
KERNEL32.dll
0x461000 GetLocaleInfoA
0x461004 LoadResource
0x461008 InterlockedIncrement
0x46100c ReadConsoleA
0x461010 GetSystemWindowsDirectoryW
0x461014 GetEnvironmentStringsW
0x461018 WaitForSingleObject
0x46101c FindActCtxSectionStringA
0x461020 GetUserDefaultLangID
0x461024 QueryActCtxW
0x461028 LeaveCriticalSection
0x46102c VerifyVersionInfoA
0x461030 WriteConsoleW
0x461034 ReleaseSemaphore
0x461038 GetProcAddress
0x46103c EnterCriticalSection
0x461040 DisableThreadLibraryCalls
0x461044 ResetEvent
0x461048 OpenMutexA
0x46104c LocalAlloc
0x461050 SetConsoleOutputCP
0x461054 GlobalGetAtomNameW
0x461058 WaitForMultipleObjects
0x46105c SetSystemTime
0x461060 GetModuleFileNameA
0x461064 GetModuleHandleA
0x461068 EraseTape
0x46106c FindFirstVolumeA
0x461070 GetCurrentProcessId
0x461074 AddConsoleAliasA
0x461078 GetModuleFileNameW
0x46107c GetCommandLineW
0x461080 GetLastError
0x461084 HeapReAlloc
0x461088 HeapAlloc
0x46108c GetStartupInfoW
0x461090 RaiseException
0x461094 RtlUnwind
0x461098 TerminateProcess
0x46109c GetCurrentProcess
0x4610a0 UnhandledExceptionFilter
0x4610a4 SetUnhandledExceptionFilter
0x4610a8 IsDebuggerPresent
0x4610ac HeapFree
0x4610b0 SetHandleCount
0x4610b4 GetStdHandle
0x4610b8 GetFileType
0x4610bc GetStartupInfoA
0x4610c0 DeleteCriticalSection
0x4610c4 SetFilePointer
0x4610c8 GetModuleHandleW
0x4610cc TlsGetValue
0x4610d0 TlsAlloc
0x4610d4 TlsSetValue
0x4610d8 TlsFree
0x4610dc SetLastError
0x4610e0 GetCurrentThreadId
0x4610e4 InterlockedDecrement
0x4610e8 HeapCreate
0x4610ec VirtualFree
0x4610f0 VirtualAlloc
0x4610f4 CloseHandle
0x4610f8 Sleep
0x4610fc ExitProcess
0x461100 WriteFile
0x461104 FreeEnvironmentStringsW
0x461108 QueryPerformanceCounter
0x46110c GetTickCount
0x461110 GetSystemTimeAsFileTime
0x461114 CreateFileA
0x461118 InitializeCriticalSectionAndSpinCount
0x46111c SetStdHandle
0x461120 GetCPInfo
0x461124 GetACP
0x461128 GetOEMCP
0x46112c IsValidCodePage
0x461130 WideCharToMultiByte
0x461134 GetConsoleCP
0x461138 GetConsoleMode
0x46113c FlushFileBuffers
0x461140 HeapSize
0x461144 LoadLibraryA
0x461148 SetEndOfFile
0x46114c GetProcessHeap
0x461150 MultiByteToWideChar
0x461154 ReadFile
0x461158 GetStringTypeA
0x46115c GetStringTypeW
0x461160 LCMapStringA
0x461164 LCMapStringW
0x461168 WriteConsoleA
0x46116c GetConsoleOutputCP
USER32.dll
0x461174 RealChildWindowFromPoint
EAT(Export Address Table) is none